ExpertEasy1 markMultiple Choice
CPA · Question 78 · Area II: Security
A company uses 'Role-Based Access Control' (RBAC). How are permissions assigned?
A company uses 'Role-Based Access Control' (RBAC). How are permissions assigned?
Answer options:
A.
Permissions are assigned directly to each user individually.
B.
Permissions are assigned to roles (e.g., 'Manager'), and users are assigned to roles.
C.
Permissions are based on the user's security clearance level (Top Secret).
D.
Permissions are based on time of day.
How to approach this question
User -> Role -> Permission.
Full Answer
B.Permissions are assigned to roles (e.g., 'Manager'), and users are assigned to roles.✓ Correct
B
In RBAC, access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. This simplifies administration compared to assigning rights to every user individually.
Common mistakes
Confusing RBAC with MAC (Clearance levels).
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium